No objection to the additions, though they start to get a little out
of the "web" context when you talk about traceroute data. Maybe some
catch-all is appropriate here, "Network diagnostic information (e.g.
ping, traceroute, etc)" or equivalent? Catch-alls are intrinsically
non-exhaustive, but I would think it obvious that we mean
"exhaustive" within some context. Maybe not?
As for rephrasing the term in the first place, my only note would be
that whatever we rephrase it to should continue to imply that this
list is an important and comprehensive piece of work. Honestly,
section 7 is a reference I've already used multiple times in my own
conversations - I think it's important that we persist in our efforts
to keep it comprehensive.
Basically, my feeling is that the list could be a valuable
deliverable on its own, and the kind of thing that is very much up
the w3's alley.
Cheers,
Johnathan
---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
On 26-Mar-07, at 9:28 AM, Web Security Context Issue Tracker wrote:
>
>
> ISSUE-20: Potential additions to Available Security Information
>
> http://www.w3.org/2006/WSC/Group/track/issues/20
>
> Raised by: Mary Ellen Zurko
> On product: Note: use cases etc.
>
> http://lists.w3.org/Archives/Public/public-usable-
> authentication/2007Mar/0032.html -
> In section 7, are you that confident that you can claim it's truly an
> exhaustive list? :) For cookies, do you want to explicitly call
> out "both
> those sent and server requests to store"? DNS can also provide
> reverse-mapping addresses; if example.com has IP address 1.2.3.4, does
> 4.3.2.1.in-addr.arpa map to example.com? Also IP ping/traceroute
> can show
> packet flows ("since when is Citibank HQ in Uzbekistan"?) Also, IP/
> geo
> mapping facilities. These aren't commonly done, but since you mention
> repuation service...
>
> We should probably rephrase the "exhaustive". Any pushback on the
> suggested
> additions?
>
>
>
>
>